
A Study On Microsoft Active Directory Computer Science Essay

Published: 23, March 2015

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Managing shared resources and network accounts is one of the most important and time-consuming tasks for IT personnel. Planning, deploying, and upgrading complex networks can easily become a real nightmare. This project will show how the Active Directory system can simplify the management of network resources while offering enhanced network services.


Microsoft Active Directory (AD) has been available since early 2000, and while most organizations have completed their AD deployment and are realizing the many business benefits of having deployed Active Directory, there are still organizations that have either not completed their deployment or have yet to take advantage of some of the important features of Active Directory that yield the greatest business benefits.

Windows Server 2003 and Active Directory help small and medium size organizations with a reliable working environment for the end-users, which offers the highest levels of reliability and performance so users can get their work done as efficiently as possible, as well as providing a more secure and manageable environment to make the lives of the IT staff easier.

What is Active Directory?

Active Directory is the integrated, distributed directory service that is included with Microsoft Windows Server 2003 and Microsoft Windows 2000 Server. Integrated with Active Directory are many of the applications and services that previously required a separate, distinct directory and user ID/password to be managed for each application or service. In Windows NT 4.0, for example, a directory was required for the domain itself, a separate directory for Exchange mailboxes and distribution lists, and separate directories for remote access, database, and other applications. In some cases, separate passwords were required for each application. With Active Directory, the administrator of the organization can add a user to Active Directory and through that single entry enable remote access to the network, enable the same user account for Exchange messaging, that same user for database access for accounting, client relationship management, or other applications. Not only is it possible to use Active Directory as a multi-purpose directory in this fashion but by doing so a company enables single sign-on for its users. Once a user logs in to Windows their Active Directory credential is the key that will automatically unlock all of the applications or services that they have been enabled for, including 3rd party applications that utilize Windows integrated authentication.

By creating a link between user accounts, mailbox accounts, and applications, Active Directory simplifies the task of adding, modifying, and deleting user accounts. When an employee gets married and changes their name, a single change in Active Directory can change the user information for all applications and services. When a user changes their password in Active Directory, they do not have to remember different passwords for their other applications. When a group of users is created such as the "sales group," users can e-mail the group to send a message to all users, administrators can allow security access to resources based on the group name, and users can look-up members of a group by expanding the group information. This is just one example of how Active Directory simplified many administrative tasks and processes that, in the past, involved disparate applications, servers, and services.


Many clients running older operating systems find their current systems simply not capable of meeting the expectations of their business for a reliable, dependable, secure, or manageable environment. While many organizations have gotten creative at workarounds and adding in a number of add-ons and utilities to "make do" with their current investments, Windows Server 2003 and Active Directory provide the out-of-the-box functionality organizations need to effectively and efficiently run their businesses.

Workgroup: All computers are peers; no computer has control over another computer.
Domain: One or more computers are servers. Network administrators use servers to control the security and permissions for all computers on the domain. This makes it easy to make changes because the changes are automatically made to all computers.

Workgroup: Each computer has a set of user accounts. To use any computer in the workgroup, you must have an account on that computer.
Domain: If you have a user account on the domain, you can log on to any computer on the domain without needing an account on that computer.

Workgroup: There are typically no more than ten to twenty computers.
Domain: There can be hundreds or thousands of computers.

Workgroup: All computers must be on the same local network or subnet.
Domain: The computers can be on different local networks.

Workgroup: Usually costs less money to set up.
Domain: Usually costs more money to set up because more hardware and software are required.

Workgroup: Not easily scalable. If using more than 10 computers, the number of accounts to set up increases a lot more.
Domain: Scales more easily as you add more users and computers.

Workgroup: Difficult to manage because resource administration is not centralized.
Domain: Centralized account administration, security policies and permissions.

Benefits of Active Directory

Increasing the Productivity of Users

Power of Group Policy

Windows Update Services

Remote Assistance

System Quarantine

Reducing the Burden of IT Administration

Server Performance and Reliability

Administrative Benefits of Group Policy

Remote Installation Services

Remote Administration

Improving Fault Tolerance to Minimize Downtime

Distributed File System (DFS)

Volume Shadow Copy Service (VSS)

Advanced Server Recovery (ASR)

Enhancing Security to Provide Better Peace of Mind

File-Level Encryption

IP Security

Improved Management Tools

Configure Secure Servers

Active Directory integrated applications

Exchange Server

Improved Systems Management with SMS

ECC Company System Upgrade from Workgroup to Domain

Engineering Consultant Company (ECC) currently works on the Workgroup model. This project will transfer the company to the Domain model using "Microsoft Windows Server 2003 Enterprise Edition". I will discuss the steps I take to do this in the coming sections.

Install the latest system updates and service packs from the Microsoft.com site.

Give the server a static IP address before creating the domain.

Start domain creation by running the DCPROMO command from the Run window in the Start menu, or use the Manage Your Server option in Start - Programs - Administrative Tools, add a new role and choose Active Directory.

Choose the Domain Controller for a new forest option and click Next.

Choose Domain in a new forest and click Next.

Choose to configure the DNS server automatically and click Next.

Enter the domain name (ECC.COM) and click Next.

Choose the database and log folder paths.

Enter the domain restore password.

After the domain creation wizard has finished, you have to restart the server.

Second: Maintain DNS Server

DNS Server Has Many Advantages:

DNS supports dynamic registration of the SRV records registered by an Active Directory server or a domain controller during promotion. With the help of SRV records, client machines can find domain controllers in the network.

DNS supports Secure Dynamic updates. Unauthorized access is denied.

Active Directory Integrated Zone. If you have more than one domain controller (recommended) you need not worry about zone replication. Active Directory replication will take care of DNS zone replication also.

If your network uses DHCP with Active Directory, then no other DHCP server will be able to service client requests coming from a different network. This is because the DHCP server is authorized in AD and will be the only server to participate on the network to provide IP address information to client machines.

Create a new zone in the reverse lookup zone.

Allow only dynamic updates in DNS zones.

Add a new pointer in the reverse lookup zone for the domain server record in the forward lookup zone.

Check that new domain computers have a record in the forward lookup zone after they join the domain.

Third: Creating DHCP

DHCP has many advantages:

DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, as well as address conflicts caused by a currently assigned IP address accidentally being reissued to another computer.

Clients can be automatically assigned a full range of additional TCP/IP configuration values by using DHCP options.

Address changes for client configurations that must be updated frequently, such as remote access clients that move around constantly, can be made efficiently and automatically when the client restarts in its new location.

Most routers can forward DHCP configuration requests, eliminating the requirement of setting up a DHCP server on every subnet, unless there is another reason to do so.

Create the DHCP server by adding the role from the Manage Your Server wizard found in Administrative Tools.

Create a new scope by giving it a name, start and end IP addresses, and a subnet mask.

You can create many scopes, depending on your network structure and how many VLANs the company has.

Determine the scope lease time (default 8 days).

After that I tested the DHCP.

Fourth: Creating Organizational Units (OUs)

Organizational Unit Advantages:

The primary advantage of the OU is that it affords almost all of the functionality of a domain without the overhead of managing the AD database itself, transaction logs, disaster recovery, backups, monitoring, etc.

OU administrators have full power over computer accounts, user accounts, group policies, and the way those objects get organized (with the exceptions noted above) and secured. Every object in Active Directory, including objects within an OU (and the OU itself), has an Access Control List that can be modified to suit the security needs of the OU administrators.

I created 3 OUs inside Active Directory (Normal - Super Users - VIP).

I applied a policy to each OU to maintain security settings and domain settings.

Fifth: Create Users accounts

Create user accounts for all company employees according to their OUs.

All created users were domain users; the only domain admin user is the administrator.

User names are formed from the first letter of the first name, the first letter of the second name, and the full last name.

Users have to change the default password the first time they log in to the domain.
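
The account rules in this section (the naming convention, placement in one of the three OUs, a single domain admin, and a forced password change at first logon) can be checked against a directory export. The following is an added example, not part of the original essay: it audits an LDIF export such as one produced by ldifde, using constructed sample records. The sample names, the use of the initials attribute for the second name, and the CN=Users location of Domain Admins are assumptions.

```python
# Added example, not from the essay; the sample records below are constructed.
ALLOWED_OUS = {"OU=Normal", "OU=Super Users", "OU=VIP"}   # the essay's three OUs
ADMIN_GROUP = "CN=Domain Admins,CN=Users,DC=ECC,DC=COM"   # assumed default location
SAMPLE_LDIF = """\
dn: CN=Sara M. Khalil,OU=Normal,DC=ECC,DC=COM
sAMAccountName: smkhalil
givenName: Sara
initials: M
sn: Khalil
pwdLastSet: 0

dn: CN=Omar T. Nasser,OU=VIP,DC=ECC,DC=COM
sAMAccountName: onasser
givenName: Omar
initials: T
sn: Nasser
pwdLastSet: 128712345670000000
memberOf: CN=Domain Admins,CN=Users,DC=ECC,DC=COM

dn: CN=Lina A. Haddad,CN=Users,DC=ECC,DC=COM
sAMAccountName: lahaddad
givenName: Lina
initials: A
sn: Haddad
pwdLastSet: 0
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per record of a plain-text LDIF export."""
    for block in text.replace("\n ", "").split("\n\n"):  # unfold lines, split records
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key, []).append(value)
        if entry:
            yield entry

def audit(text):
    """Return (account, finding) pairs; assumes "initials" holds the second-name letter."""
    findings = []
    for e in parse_ldif(text):
        sam = e["sAMAccountName"][0].lower()
        if sam == "administrator":  # the only intended domain admin
            continue
        expected = (e["givenName"][0][0] + e["initials"][0][0] + e["sn"][0]).lower()
        ou = e["dn"][0].split(",")[1]  # container directly above the user object
        checks = [
            (sam != expected, f"name should be {expected}"),
            (ou not in ALLOWED_OUS, f"outside approved OUs: {ou}"),
            (ADMIN_GROUP in e.get("memberOf", []), "unexpected Domain Admins member"),
            (e.get("pwdLastSet") == ["0"], "default password not yet changed"),
        ]
        findings += [(sam, msg) for failed, msg in checks if failed]
    return findings
```

Calling audit(SAMPLE_LDIF) reports the account whose name skips the second initial and sits in Domain Admins, the account left in the default Users container, and the two accounts whose pwdLastSet of 0 shows the first-logon password change is still pending.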

Sixth: Creating Group Policies

Group Policy Capabilities

Through Group Policy, administrators define the policies that determine how applications and operating systems are configured and keep users and systems secure. The key features of Group Policy are as follows.

Registry-based Policy

The most common and the easiest way to provide policy for an application or operating system component is to implement registry-based policy. With the new Group Policy Management Console (GPMC), described later in this paper, and the Group Policy Object Editor, administrators can define registry-based policies for applications, the operating system, and its components. For example, an administrator can enable a policy setting that removes the Run command from the Start menu for all affected users.

Security Settings

Group Policy provides options for administrators to set security options for computers and users within the scope of a GPO. Local computer, domain, and network security settings can be specified. For added protection, administrators can apply software restriction policies that prevent users from running files based on the path, URL zone, hash, or publisher criteria. Administrators can make exceptions to this default security level by creating rules for specific software.

Software Restrictions

To defend against viruses, unwanted applications, and attacks on computers running Windows XP and Windows Server 2003, Group Policy includes new software restriction policies. Administrators can now use policies to identify software running in a domain and control its ability to execute.

Software Distribution and Installation

Administrators can manage application installation, updates, and removal centrally with Group Policy. Because organizations can deploy and manage customized desktop configurations, they spend less money supporting users on an individual basis. Software can be either assigned to users or computers (mandatory software distribution) or published to users (allowing users to optionally install software through Add/Remove Programs in the Control Panel). Users get the flexibility they need to do their jobs without having to spend time configuring their system on their own.

Administrators can use Group Policy to deploy approved packages. For example, in a highly managed desktop environment where users don't have permission to install applications, the Windows Installer service can perform an installation on the user's behalf. In addition, for highly managed workstations, Windows Installer integrates with the software restriction policies implemented through Group Policy to restrict new installations to a list of acceptable software.

Computer and User Scripts

Administrators can use scripts to automate tasks at computer startup and shutdown and user logon and logoff. Any language supported by Windows Scripting Host can be used, including the Microsoft Visual Basic® development system, Scripting Edition (VBScript); JavaScript; PERL; and MS-DOS®-style batch files (.bat and .cmd).

Roaming User Profiles and Redirected Folders

Roaming user profiles provide the ability to store user profiles centrally on a server and load them when a user logs on. As a result, users experience a consistent environment no matter which computer they use. Through folder redirection, important user folders, such as the My Documents and Start menu, can be redirected to a server-based location. Folder redirection allows centralized management of these folders and gives an IT group the capability to easily backup and restore these folders on behalf of users.

Enhancements in Windows Server 2003 provide more robust roaming capabilities and simplified folder redirection. Together, these features allow mobile users or those not assigned to a particular computer to see a familiar desktop when they log on and locate needed folders. Administrators also can take advantage of roaming user profiles to replace computers more easily. When a user logs on to a new computer for the first time, the server copy of the user's profile is copied to the new computer. In addition, administrators can redirect users' My Documents folder to their home directory, a new feature.

Offline Folders

When a network is unavailable, the Offline Folders feature provides access to network files and folders from a local disk. Users are assured access to critical information even when network connections are unstable or nonpermanent or when using a mobile computer. When users reconnect to their network, the client files and server files are synchronized, thereby keeping versions consistent and up-to-date.

Internet Explorer Maintenance

Administrators can manage and customize the configuration of Microsoft Internet Explorer on computers that support Group Policy. The Group Policy Object Editor includes the Internet Explorer Maintenance node, which administrators use to edit Internet Explorer security zones, privacy settings, and other parameters on a computer running Windows 2000 and later.

First I had to install the Group Policy Management Console (GPMC). This tool has many advantages:

Easy administration of all GPOs across the entire Active Directory Forest

View of all GPOs in one single list

Reporting of GPO settings, security, filters, delegation, etc.

Control of GPO inheritance with Block Inheritance, Enforce, and Security Filtering

Delegation model

Backup and restore of GPOs

Migration of GPOs across different domains and forests

I downloaded the GPMC tool from the Microsoft.com site and installed it on the server.

Start the GPMC console by typing GPMC.msc in the Run window.

Once the console has started, you can use it to create new Group Policy Objects (GPOs).
